summaryrefslogtreecommitdiff
path: root/src/shared
Commit message (Collapse)AuthorAgeFilesLines
* tree-wide: ignore messages with too long control dataLennart Poettering2021-02-021-0/+4
| | | | | | | | | | | | | | | | | | | | Apparently SELinux inserts control data into AF_UNIX datagrams where we don't expect it, thus miscalculating the control data. This looks like something to fix in SELinux, but we still should handle this gracefully and just drop the offending datagram and continue. recvmsg_safe() actually already drops the datagram, it's just a matter of actually ignoring EXFULL (which it generates if control data is too large) in the right places. This does this wherever an AF_UNIX/SOCK_DGRAM socket is used with recvmsg_safe() that is not just internal communication. Fixes: #17795 Follow-up for: 3691bcf3c5eebdcca5b4f1c51c745441c57a6cd1 (cherry picked from commit 741bfd7f4e60fdc07ecaadbd93f1196dbee657ca) (cherry picked from commit b7e0ac754eba3c91b76dc7b92802716144b569b8)
* wifi-util: do not ignore wifi iftype when SSID is not setYu Watanabe2021-02-021-4/+8
| | | | | | | | | | Previously, if an interface does not have SSID, e.g. run in mesh-point type, then the wifi iftype obtained by the netlink call was ignored. Fixes #18059. (cherry picked from commit a66a402da471f6230ab8674fd2c1df6d918773b5) (cherry picked from commit fc4eae72f8dd34a334b2707614d9c07974d4d604)
* wifi-util: cleanup header inclusionYu Watanabe2021-02-022-7/+2
| | | | | (cherry picked from commit a5330078158cbd5070e42fd3f91ecb570e210359) (cherry picked from commit 3885103672047e52c22c8d338baec8598208ca4a)
* bpf: do not use structured initialization for bpf_attrLuca Boccassi2021-02-021-40/+33
| | | | | | | | | | It looks like zero'ing the struct is not enough, and with some level of optimizations there is still non-zero padding left over. Switch to member-by-member initialization. Also convert all remaining bpf_attr variables in other files. (cherry picked from commit 9ca600e2bfacc52a65c89f3485723b2c27394e55) (cherry picked from commit 95ee2c6b481b7a1f953cb720c35df568b7a6cb70)
* bpf: zero bpf_attr before initializationLuca Boccassi2021-02-021-0/+8
| | | | | | | | | | | When building with Clang and using structured initialization, the bpf_attr union is not zero-padded, so the kernel misdetects it as an unsupported extension. zero it until Clang's behaviour matches GCC. Do not skip the test on Github Actions anymore. (cherry picked from commit 28abf5ad3483a417d3d4de561533d282493a7f2a) (cherry picked from commit 94bb28590b21f37bcd9b831029af05a8a78f49ef)
* journal-importer: ignore invalid field at one more placeYu Watanabe2021-02-021-0/+10
| | | | | | | | Fixes oss-fuzz#28817. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28817 (cherry picked from commit 8786d4bbe43b5f6493982bcb5211e010f99deb57) (cherry picked from commit cefb123e8ab65772a2a609081ca34ac6ea1267d6)
* logs-show: refuse data which contain invalid fieldsYu Watanabe2021-02-021-12/+20
| | | | | (cherry picked from commit 805d67c565d57e0915162164f7e5e3026a29a2c5) (cherry picked from commit 2a76d510d9c50dd8f4bd21194cf3f457760aea52)
* journal: move journal_field_valid() to journal_file.cYu Watanabe2021-02-022-39/+0
| | | | | (cherry picked from commit adce225a104d0b7503aa7322db15d1c6dd8b8093) (cherry picked from commit b7f69284f1eb21c51cb659a96685cffc6c472ffd)
* bus-util: improve logging when we can't connect to the busLennart Poettering2021-02-021-6/+15
| | | | | | | | | | | | | | | | | | Previously, we'd already have explicit logging for the case where $XDG_RUNTIME_DIR is not set. Let's also add some explicit logging for the EPERM/ACCESS case. Let's also in both cases suggest the --machine=<user>@.host syntax. And while we are at it, let's remove side-effects from the macro. By checking for both the EPERM/EACCES case and the $XDG_RUNTIME_DIR case we will now catch both the cases where people use "su" to issue a "systemctl --user" operation, and those where they (more correctly, but still not good enough) call "su -". Fixes: #17901 (cherry picked from commit 1ecb46724cae151606bc825f0e39f14d4dfe1a0e) (cherry picked from commit 36bc4a18fd8117cab0d4ff02eac89579a86cd399)
* cryptsetup: add support for workqueue optionsJonathan G. Underwood2020-12-301-0/+8
| | | | | | | | | | This commit adds support for disabling the read and write workqueues with the new crypttab options no-read-workqueue and no-write-workqueue. These correspond to the cryptsetup options --perf-no_read_workqueue and --perf-no_write_workqueue respectively. (cherry picked from commit 227acf0009bde2cd7f8bc371615b05e84137847d)
* generator: use kmsg in system-level generators, journal otherwisev246.7Lennart Poettering2020-12-081-2/+8
| | | | | | | Fixes: #17129. (cherry picked from commit dee29aeb5909f4f5604012ced250488286b8d468) https://github.com/systemd/systemd-stable/issues/76
* dns-domain: try IDN2003 rules if IDN2008 doesn't workLennart Poettering2020-12-081-0/+6
| | | | | | | | This follows more closely what web browsers do, and makes sure emojis in domains work. Fixes: #14483 (cherry picked from commit d80e72ec602c2af2983842ad87e4443fce89d423)
* shared/seccomp-util: address family filtering is broken on ppcZbigniew Jędrzejewski-Szmek2020-12-081-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts the gist of da1921a5c396547261c8c7fcd94173346eb3b718 and 0d9fca76bb69e162265b2d25cb79f1890c0da31b (for ppc). Quoting #17559: > libseccomp 2.5 added socket syscall multiplexing on ppc64(el): > https://github.com/seccomp/libseccomp/pull/229 > > Like with i386, s390 and s390x this breaks socket argument filtering, so > RestrictAddressFamilies doesn't work. > > This causes the unit test to fail: > /* test_restrict_address_families */ > Operating on architecture: ppc > Failed to install socket family rules for architecture ppc, skipping: Operation canceled > Operating on architecture: ppc64 > Failed to add socket() rule for architecture ppc64, skipping: Invalid argument > Operating on architecture: ppc64-le > Failed to add socket() rule for architecture ppc64-le, skipping: Invalid argument > Assertion 'fd < 0' failed at src/test/test-seccomp.c:424, function test_restrict_address_families(). Aborting. > > The socket filters can't be added so `socket(AF_UNIX, SOCK_DGRAM, 0);` still > works, triggering the assertion. Fixes #17559. (cherry picked from commit d5923e38bc0e6cf9d7620ed5f1f8606fe7fe1168)
* seccomp: also move munmap into @default syscall filter setYu Watanabe2020-12-081-1/+1
| | | | | | Follow-up for 5abede3247591248718026cb8be6cd231de7728b. (cherry picked from commit 11b9105dfdbcea5dc9f4a5dd676ca494ab8b909e)
* seccomp: move brk+mmap+mmap2 into @default syscall filter setLennart Poettering2020-12-081-3/+3
| | | | | | | | | | | | | These three syscalls are internally used by libc's memory allocation logic, i.e. ultimately back malloc(). Allocating a bit of memory is so basic, it should just be in the default set. This fixes a couple of issues with asan/msan and the seccomp tests: when asan/msan is used some additional, large memory allocations take place in the background, and unless mmap/mmap2/brk are allowlisted these will fail, aborting the test prematurely. (cherry picked from commit 5abede3247591248718026cb8be6cd231de7728b)
* ethtool: make ethtool_get_driver() return -ENODATA if ioctl succeeds but ↵Yu Watanabe2020-12-081-0/+3
| | | | | | | | driver name is empty Inspired by #17532. (cherry picked from commit 861de64e6858bc92b154ad70d1cee41ae5b75835)
* format-table: add TABLE_STRV_WRAPPEDZbigniew Jędrzejewski-Szmek2020-12-082-144/+227
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The idea is that we have strvs like list of server names or addresses, where the majority of strings is rather short, but some are long and there can potentially be many strings. So formattting them either all on one line or all in separate lines leads to output that is either hard to read or uses way too many rows. We want to wrap them, but relying on the pager to do the wrapping is not nice. Normal text has a lot of redundancy, so when the pager wraps a line in the middle of a word the read can understand what is going on without any trouble. But for a high-density zero-redundancy text like an IP address it is much nicer to wrap between words. This also makes c&p easier. This adds a variant of TABLE_STRV which is wrapped on output (with line breaks inserted between different strv entries). The change table_print() is quite ugly. A second pass is added to re-calculate column widths. Since column size is now "soft", i.e. it can adjust based on available columns, we need to two passes: - first we figure out how much space we want - in the second pass we figure out what the actual wrapped columns widths will be. To avoid unnessary work, the second pass is only done when we actually have wrappable fields. A test is added in test-format-table. (cherry picked from commit b0e3d799891c4633bd2b0d88e4ed2c741bbcd532)
* format-table: reduce scope of iterator variablesZbigniew Jędrzejewski-Szmek2020-12-081-48/+31
| | | | (cherry picked from commit 6f8ca84c9b64c81add286790a7ffcc2eed569b27)
* resolvectl: sort domain/nta outputZbigniew Jędrzejewski-Szmek2020-12-082-0/+18
| | | | | | dns list shall not be sorted. (cherry picked from commit af781878d5986127ca00831c4b524c2b62649823)
* util: make size macros unsignedLennart Poettering2020-12-081-1/+1
| | | | | | | | | | By making them unsigned comparing them with other sizes is less likely to trigger compiler warnings regarding signed/unsigned comparisons. After all sizes (i.e. size_t) are generally assumed to be unsigned, so these should be too. Prompted-by: https://github.com/systemd/systemd/pull/17345#issuecomment-709402332 (cherry picked from commit 67bd5620f6cf481c0a59cedbcf63ddcab355cc55)
* shared/daemon-util: fix notify_on_cleanup()Zbigniew Jędrzejewski-Szmek2020-12-081-1/+1
| | | | | | | | p itself is never null. Because of this, we would always call sd_notify() in cleanup, even though the intention was to only call it if notify_start() was executed. (cherry picked from commit 297fc20dc469694f054ed2be4358eb21efe89660)
* sd-bus: add custom return code when $XDG_RUNTIME_DIR is not setZbigniew Jędrzejewski-Szmek2020-12-081-5/+11
| | | | | | | | | We would return ENOENT, which is extremely confusing. Strace is not helpful because no *file* is actually missing. So let's add some logs at debug level and also use a custom return code. Let all user-facing utilities print a custom error message in that case. (cherry picked from commit ab4a88eb920e2f64a79a60c1ea9aecb7907a9635)
* bootspec: tweak error messageLennart Poettering2020-12-081-2/+2
| | | | | | | Clarify that the name of the entry failed validation, not the entry itself. (cherry picked from commit dfc22cb4724851990d3d2ebcc2404a708e1b7223)
* varlink: add server write states to disconnect checkAnita Zhang2020-12-081-0/+5
| | | | | | | | | | | | While a server is in the VARLINK_PENDING_METHOD or VARLINK_PENDING_METHOD_MORE states and its write end is disconnected and it gets a POLLHUP, we should disconnect since it can't write anymore. In the case of systemd-oomd disconnecting while pid1 was pending-more, this condition left pid1 in a state where it started throttling from continually getting POLLHUP. (cherry picked from commit e8e9227f5c3f8d47bec1d57a2801b22d53d0b341)
* pager: lets check SYSTEMD_PAGERSECURE with secure_getenv()Lennart Poettering2020-12-081-1/+1
| | | | | | | | | | I can't think of any real vulnerability about this, but it still feels better to check a variable with "secure" in its name with secure_getenv() rather than plain getenv(). Paranoia FTW! (cherry picked from commit b8f736b30e20a2b44e7c34bb4e43b0d97ae77e3c)
* pager: make pager secure when under euid is changed or explicitly requestedZbigniew Jędrzejewski-Szmek2020-12-081-21/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The variable is renamed to SYSTEMD_PAGERSECURE (because it's not just about less now), and we automatically enable secure mode in certain cases, but not otherwise. This approach is more nuanced, but should provide a better experience for users: - Previusly we would set LESSSECURE=1 and trust the pager to make use of it. But this has an effect only on less. We need to not start pagers which are insecure when in secure mode. In particular more is like that and is a very popular pager. - We don't enable secure mode always, which means that those other pagers can reasonably used. - We do the right thing by default, but the user has ultimate control by setting SYSTEMD_PAGERSECURE. Fixes #5666. v2: - also check $PKEXEC_UID v3: - use 'sd_pid_get_owner_uid() != geteuid()' as the condition (cherry picked from commit 0a42426d797406b4b01a0d9c13bb759c2629d108)
* pager: set $LESSSECURE whenver we invoke a pagerLennart Poettering2020-12-081-2/+21
| | | | | | | | | | | Some extra safety when invoked via "sudo". With this we address a genuine design flaw of sudo, and we shouldn't need to deal with this. But it's still a good idea to disable this surface given how exotic it is. Prompted by #5666 (cherry picked from commit 612ebf6c913dd0e4197c44909cb3157f5c51a2f0)
* seccomp: allowlist close_range() by default in @basic-ioLennart Poettering2020-12-081-0/+1
| | | | (cherry picked from commit 6ea0d25c573c6ef64f62333b7e850067a202c7ee)
* pretty-print: don't abbreviate needlessly in user-facing stringLennart Poettering2020-12-081-1/+1
| | | | (cherry picked from commit e2d839d316b006fe86b1f156d90da35fa0857bfb)
* seccomp-util: fix typo in help messageSamanta Navarro2020-12-081-1/+1
| | | | (cherry picked from commit 7b121df640475a3c8b9891a307f562abc754293d)
* bootspec: don't fail with EIO if searching for ESP and finding one without ↵Lennart Poettering2020-12-081-4/+6
| | | | | | | | | an enveloping partition table If this happens this should just mean: we couldn't find the ESP. Fixes: #17122 (cherry picked from commit 7ea3024b508ac7166851bd8728ac31802586d614)
* seccomp-util: add cacheflush() syscall to @default syscall setLennart Poettering2020-12-081-0/+1
| | | | | | | | | This is like membarrier() I guess and basically just exposes CPU functionality via kernel syscall on some archs. Let's whitelist it for everyone. Fixes: #17197 (cherry picked from commit 8e24b1d23f5fa711bfdfd38bcfef525de04cd3c1)
* loop-util: apparently opening a loop device sometimes results in ENXIO, ↵Lennart Poettering2020-12-081-1/+1
| | | | | | handle this (cherry picked from commit 77ad674b51ceb598aae1adaa7abe572ad0262f39)
* user-record: don't refuse login when last pw change time is in the futureLennart Poettering2020-12-082-0/+13
| | | | | | | The RTC is like just off, it's a weird system state, let's continue without requiring pw change. (cherry picked from commit 3e0b54867e22523cffda3b80e179df89b6d81bcd)
* homed: ignore ratelimiting counters when timestamp is from futureLennart Poettering2020-12-081-0/+5
| | | | | | | | This likely indicates that the system clock is simply wrong, hence allow access in this case. Fixes: #15917 (cherry picked from commit 61a29a020c5c6611a22a84c1456e8da7aa656194)
* homed: don't block logins into accounts with future change timeLennart Poettering2020-12-082-10/+12
| | | | | | | This might happen if the system clock is wrong, and we should allow access in this case (though certainly log about it). (cherry picked from commit 51a95db6dcb720608eccaac01328b66ef7cc0d30)
* dissect: is_loop_device() returns negative on error, don't mistake that is trueLennart Poettering2020-09-201-1/+1
| | | | (cherry picked from commit 3afda7c7976c25db786948a961873fa5c2c8e0e9)
* dissect: always invalidate secondary arch partitions if we found primary archLennart Poettering2020-09-201-7/+6
| | | | | | | | | | | | Let's suppress the secondary arch data, since we never ever want to mount it if we found the primary arch. Previously we only suppressed in the Verity case, but there's little reason to entertain the idea of a secondary arch in non-Verity environments either, we are not going to use them, and should not do decryption or anything like that. (cherry picked from commit 74cb2db9f403dfe17cabc6dac48b0f49a84eb03f)
* ethtool-util: don't pass error value that isn't used to log_syntaxLennart Poettering2020-09-111-1/+1
| | | | (cherry picked from commit d8ea7f838b1199d240d522ee3ce05d1c263b7ad4)
* cryptsetup: Fix null pointer dereference (#16987)Mikael Szreder2020-09-111-2/+4
| | | | | | | | cryptsetup: Fix null pointer dereference Fix null pointer dereference in the pkcs11 related code of systemd-cryptsetup (cherry picked from commit 664ad0f6f54257643fa069d9e1e9cad0f6fd7cc3)
* network: make log_link_error() or friends return voidYu Watanabe2020-09-111-11/+13
| | | | (cherry picked from commit d157714b6819d9e4faa93ef64a5041d5a8ae4779)
* tree-wide: if get_block_device() returns zero devno, check for it in all casesLennart Poettering2020-09-111-0/+2
| | | | | | | And add a comment for the existing cases where things aren't clear already. (cherry picked from commit d161680e7afb7ae01593ffc5deb6c02bbc08ed19)
* nspawn,pid1: pass "inaccessible" nodes from cntr mgr to pid1 payload via ↵Lennart Poettering2020-09-022-17/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | /run/host Let's make /run/host the sole place we pass stuff from host to container in and place the "inaccessible" nodes in /run/host too. In contrast to the previous two commits this is a minor compat break, but not a relevant one I think. Previously the container manager would place these nodes in /run/systemd/inaccessible/ and that's where PID 1 in the container would try to add them too when missing. Container manager and PID 1 in the container would thus manage the same dir together. With this change the container manager now passes an immutable directory to the container and leaves /run/systemd entirely untouched, and managed exclusively by PID 1 inside the container, which is nice to have clear separation on who manages what. In order to make sure systemd then usses the /run/host/inaccesible/ nodes this commit changes PID 1 to look for that dir and if it exists will symlink it to /run/systemd/inaccessible. Now, this will work fine if new nspawn and new pid 1 in the container work together. as then the symlink is created and the difference between the two dirs won't matter. For the case where an old nspawn invokes a new PID 1: in this case things work as they always worked: the dir is managed together. For the case where different container manager invokes a new PID 1: in this case the nodes aren't typically passed in, and PID 1 in the container will try to create them and will likely fail partially (though gracefully) when trying to create char/block device nodes. THis is fine though as there are fallbacks in place for that case. For the case where a new nspawn invokes an old PID1: this is were the (minor) incompatibily happens: in this case new nspawn will place the nodes in the /run/host/inaccessible/ subdir, but the PID 1 in the container won't look for them there. Since the nodes are also not pre-created in /run/systed/inaccessible/ PID 1 will try to create them there as if a different container manager sets them up. This is of course not sexy, but is not a total loss, since as mentioned fallbacks are in place anyway. Hence I think it's OK to accept this minor incompatibility. (cherry picked from commit 9fac502920a648d82e21b207989bfc3c00fbdebc)
* varlink: do not parse invalid messages twiceZbigniew Jędrzejewski-Szmek2020-09-021-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upon reception of a message which fails in json_parse(), we would proceed to parse it again from a deferred callback and hang. Once we have realized that the message is invalid, let's move the pointer in the buffer even if the message is invalid. We don't want to look at this data again. (before) $ build-rawhide/userdbctl --output=json user test.user n/a: varlink: setting state idle-client /run/systemd/userdb/io.systemd.Multiplexer: Sending message: {"method":"io.systemd.UserDatabase.GetUserRecord","parameters":{"userName":"test.user","service":"io.systemd.Multiplexer"}} /run/systemd/userdb/io.systemd.Multiplexer: varlink: changing state idle-client → awaiting-reply /run/systemd/userdb/io.systemd.Multiplexer: New incoming message: {...} /run/systemd/userdb/io.systemd.Multiplexer: varlink: changing state awaiting-reply → pending-disconnect /run/systemd/userdb/io.systemd.Multiplexer: New incoming message: {...} /run/systemd/userdb/io.systemd.Multiplexer: varlink: changing state pending-disconnect → disconnected ^C (after) $ n/a: varlink: setting state idle-client /run/systemd/userdb/io.systemd.Multiplexer: Sending message: {"method":"io.systemd.UserDatabase.GetUserRecord","parameters":{"userName":"test.user","service":"io.systemd.Multiplexer"}} /run/systemd/userdb/io.systemd.Multiplexer: varlink: changing state idle-client → awaiting-reply /run/systemd/userdb/io.systemd.Multiplexer: New incoming message: {...} /run/systemd/userdb/io.systemd.Multiplexer: Failed to parse JSON: Invalid argument /run/systemd/userdb/io.systemd.Multiplexer: varlink: changing state awaiting-reply → pending-disconnect /run/systemd/userdb/io.systemd.Multiplexer: varlink: changing state pending-disconnect → processing-disconnect Got lookup error: io.systemd.Disconnected /run/systemd/userdb/io.systemd.Multiplexer: varlink: changing state processing-disconnect → disconnected Failed to find user test.user: Input/output error This should fix #16683 and https://bugs.gentoo.org/735072. (cherry picked from commit 77472d06a4740d820ebccdb04e217d6b7d66dd50)
* shared/{user,group}-record-nss: adjust filtering of "valid" passwordsZbigniew Jędrzejewski-Szmek2020-09-024-10/+15
| | | | | | | | | | | | | | We would reject various passwords that glibc accepts, for example "" or any descrypted password. Accounts with empty password are definitely useful, for example for testing or in scenarios where a password is not needed. Also, using weak encryption methods is probably not a good idea, it's not the job of our nss helpers to decide that: they should just faithfully forward whatever data is there. Also rename the function to make it more obvious that the returned answer is not in any way certain. (cherry picked from commit 8f796e40a561bd9200fde3c8885e6255a2dd4250)
* Rework how we cache mtime to figure out if units changedZbigniew Jędrzejewski-Szmek2020-09-012-29/+34
| | | | | | | | | | | | | | | | | | | Instead of assuming that more-recently modified directories have higher mtime, just look for any mtime changes, up or down. Since we don't want to remember individual mtimes, hash them to obtain a single value. This should help us behave properly in the case when the time jumps backwards during boot: various files might have mtimes that in the future, but we won't care. This fixes the following scenario: We have /etc/systemd/system with T1. T1 is initially far in the past. We have /run/systemd/generator with time T2. The time is adjusted backwards, so T2 will be always in the future for a while. Now the user writes new files to /etc/systemd/system, and T1 is updated to T1'. Nevertheless, T1 < T1' << T2. We would consider our cache to be up-to-date, falsely. (cherry picked from commit c2911d48ff0fc61fb3cfab7050110992a7390417)
* src/shared/dissect-image.c: fix build without blkdid (#16901)Fabrice Fontaine2020-09-011-3/+3
| | | | | | | | | | | | | | | | N_DEVICE_NODE_LIST_ATTEMPTS is unconditionally used since version 246 and https://github.com/systemd/systemd/commit/ac1f3ad05f7476ae58981dcba45dfeb2c0006824 However, this variable is only defined if HAVE_BLKID is set resulting in the following build failure if cryptsetup is enabled but not libblkid: ../src/shared/dissect-image.c:1336:34: error: 'N_DEVICE_NODE_LIST_ATTEMPTS' undeclared (first use in this function) 1336 | for (unsigned i = 0; i < N_DEVICE_NODE_LIST_ATTEMPTS; i++) { | Fixes: - http://autobuild.buildroot.org/results/67782c225c08387c1bbcbea9eee3ca12bc6577cd (cherry picked from commit 28e2641a1aa506c5df93c7a0cb107aed8297b45e)
* tty-ask-pw-agent: the message string might not be setLennart Poettering2020-09-011-0/+3
| | | | (cherry picked from commit 66bff73b4f91f8d2fdd385f9f1e2b6339055c9e4)
* shared/install: fix preset operations for non-service instantiated unitsZbigniew Jędrzejewski-Szmek2020-08-261-8/+5
| | | | | | Fixes https://github.com/coreos/ignition/issues/1064. (cherry picked from commit 47ab95fe4315b3f7ee5a3694460a744bb88c52fd)
* various: treat BUS_ERROR_NO_SUCH_UNIT the same as SD_BUS_ERROR_SERVICE_UNKNOWNZbigniew Jędrzejewski-Szmek2020-08-261-2/+6
| | | | | | | | | | | | | | | | | | We return BUS_ERROR_NO_SUCH_UNIT a.k.a. org.freedesktop.systemd1.NoSuchUnit in various places. In #16813: Aug 22 06:14:48 core sudo[2769199]: pam_systemd_home(sudo:account): Failed to query user record: Unit dbus-org.freedesktop.home1.service not found. Aug 22 06:14:48 core dbus-daemon[5311]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freedesktop.home1.service not found. Aug 22 06:14:48 core dbus-daemon[5311]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.6564' (uid=0 pid=2769199 comm="sudo su ") This particular error comes from bus_unit_validate_load_state() in pid1: case UNIT_NOT_FOUND: return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not found.", u->id); It seems possible that we should return a different error, but it doesn't really matter: if we change pid1 to return a different error, we still need to handle BUS_ERROR_NO_SUCH_UNIT as in this patch to handle pid1 with current code. (cherry picked from commit 73d3ac8e2440cda3b7f2310f329f0798de6c041c)
View Lorry Controller Status